Fixxx
Moderator
- Joined
- Aug 21, 2024
- Messages
- 929
- Reaction score
- 4,349
- Points
- 93
Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide. According to multiple player reports and in-game screenshots shared online, the attackers were able to:
In a final update, Ubisoft clarified that players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11:00 AM UTC. The company also stated that Ubisoft did not generate the messages seen in the ban ticker and that the ticker had been disabled previously.
Ubisoft said it was continuing to work toward fully restoring the game, but the servers remain down at this time. At this time, Ubisoft has not released a formal statement regarding the incident.
Unverified claims state that a much larger breach occurred within Ubisoft's infrastructure. According to security research group VX-Underground, threat actors claimed to have breached Ubisoft's servers using a recently disclosed MongoDB vulnerability dubbed "MongoBleed." Tracked as CVE-2025-14847, the flaw allows unauthenticated remote attackers to leak the memory of exposed MongoDB instances, exposing credentials and authentication keys. A public PoC exploit has already been released that searches for secrets in exposed MongoDB servers. VX-Underground reports that multiple unrelated threat groups may have targeted Ubisoft:
- Ban/unban Rainbow Six Siege players
- Display fake ban messages on the ban ticker.
- Grant all players approximately 2 billion R6 Credits and Renown
- Unlock every cosmetic item in the game, including developer-only skins
"Siege and the Marketplace have been intentionally shut down while the team focuses on resolving the issue," reads a post on X.
In a final update, Ubisoft clarified that players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11:00 AM UTC. The company also stated that Ubisoft did not generate the messages seen in the ban ticker and that the ticker had been disabled previously.
*fake ban messages on the Rainbow Six Siege ban ticker.
Ubisoft said it was continuing to work toward fully restoring the game, but the servers remain down at this time. At this time, Ubisoft has not released a formal statement regarding the incident.
Rumors of a larger breach
Unverified claims state that a much larger breach occurred within Ubisoft's infrastructure. According to security research group VX-Underground, threat actors claimed to have breached Ubisoft's servers using a recently disclosed MongoDB vulnerability dubbed "MongoBleed." Tracked as CVE-2025-14847, the flaw allows unauthenticated remote attackers to leak the memory of exposed MongoDB instances, exposing credentials and authentication keys. A public PoC exploit has already been released that searches for secrets in exposed MongoDB servers. VX-Underground reports that multiple unrelated threat groups may have targeted Ubisoft:
- One group claims to have exploited a Rainbow Six Siege service to manipulate bans and in-game inventory without accessing user data.
- A second group allegedly exploited a MongoDB instance using MongoBleed to pivot into Ubisoft's internal Git repositories, claiming to steal a large archive of internal source code from the 1990s to the present.
- A third group claims to have stolen Ubisoft user data via MongoBleed and is attempting to extort the company into paying a ransom.
- A fourth group disputes some of these claims, stating that the second group had access to Ubisoft's source code for a while.